Spaces in passwords are not handled correctly when adding servers #821

Closed
ivanov17 opened this issue Nov 4, 2023 · 8 comments
@ivanov17

ivanov17 commented Nov 4, 2023

🐛 Bugreport

When I try to add a new IMAP or SMTP server on the Servers page and specify a password that contains spaces, I get the message "Unable to save this server, are the username and password correct?".

At the same time, in the IMAP server logs I see the error "authentication failure: checkpass failed". But the password provided is correct.

When I use a password of the same length but without spaces, the authentication succeeds and I can receive or send emails. This means that Cypht does not handle spaces in passwords correctly in this case.

In principle, SMTP and IMAP servers can accept any Unicode characters in passwords. This means that Cypht must also accept any Unicode characters and handle them as expected.

However, the login page handles spaces in passwords properly.

Also, this either does not affect the issue #820 or may just be an additional factor. At least I still can't save the settings permanently, even using a password without spaces.

Version & Environment

Rev: v1.4.0

OS: CentOS Stream 9 container

PHP: 8.2.12

Steps to reproduce

  1. Set a password containing spaces for your IMAP or SMTP account
  2. Go to Servers page
  3. Try to add an IMAP or SMTP server to your Cypht account

@marclaporte
Member

I am OK with spaces in the password, but not spaces as first or last character because it causes too many support requests when people copy-paste passwords (which makes sense when they are super-long).
#780

@Shadow243
Member

Shadow243 commented Nov 4, 2023

We are already initiating a solution to the case, but it appears that the error lies in spaces being transformed into plus signs, especially when they are in the middle of passwords.

@ivanov17
Author

ivanov17 commented Nov 4, 2023

@marclaporte In this case, Cypht also stores passwords for remote services, and hypothetically they can be anything. I think the main concern here should be to properly store whatever password the user wants to store.

There is an interesting discussion on spaces in passwords on StackExchange: https://security.stackexchange.com/questions/32691/why-not-allow-spaces-in-a-password

In the comments, among other things, the following opinion is found:

> If you notice at creation time that there are trailing spaces in a password then warn the user that this is not recommended. Don't stop them from doing this but tell them that their password will not be as secure.

Perhaps a better solution would be to warn the user about leading or trailing spaces.

@marclaporte
Member

For the record, I am supportive of spaces in passwords (just not first/last character). Ref: https://xkcd.com/936/

@marclaporte
Member

@ivanov17 Good point that the user may not be able to modify the password from an external service. But I have never seen a password with a trailing space in my long career in IT. OTOH, I have many times helped users with an accidental trailing space that would cause multiple tries and lock their account. As long as users are warned, I am OK.

@Shadow243: Your decision.

@marclaporte
Member

We already have a PR for this: #780

@Shadow243
Member

This issue has been solved by this: #822

@marclaporte
Member

@ivanov17 Please test and re-open if issue persists.
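
Added example, not part of the thread and not Cypht's code: the thread reports spaces being turned into plus signs, and one common way that symptom arises (an assumption here; the thread shows neither the actual cause nor the fix in #822) is a form-urlencoded body being read back with a percent-only decoder. The sketch also includes the non-blocking leading/trailing-space warning discussed in the thread; all function names and the sample value are constructed.

```javascript
// Added illustration; not taken from Cypht. All function names are hypothetical.

// Serialize a form the way application/x-www-form-urlencoded does:
// URLSearchParams writes a space as "+" and a literal "+" as "%2B".
function encodeForm(fields) {
  return new URLSearchParams(fields).toString();
}

// Mismatched decoder: percent-decoding alone never turns "+" back
// into a space, so the password that gets stored is corrupted.
function decodePercentOnly(body) {
  const out = {};
  for (const pair of body.split('&')) {
    const [k, v = ''] = pair.split('=');
    out[decodeURIComponent(k)] = decodeURIComponent(v);
  }
  return out;
}

// Matching decoder: form decoding maps "+" to a space, then percent-decodes.
function decodeForm(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

// Non-blocking check: keep the password exactly as typed, but report
// leading/trailing whitespace so the UI can warn instead of trimming.
function edgeWhitespaceWarning(password) {
  const leading = /^\s/.test(password);
  const trailing = /\s$/.test(password);
  if (!leading && !trailing) return null;
  const where = [leading && 'leading', trailing && 'trailing'].filter(Boolean);
  return `Password has ${where.join(' and ')} whitespace; it will be saved as entered.`;
}

// Constructed sample value, not a real credential.
const sample = { user: 'alice', pass: 'correct horse+battery ' };
const body = encodeForm(sample);
console.log(body);
console.log('percent-only round trip ok:', decodePercentOnly(body).pass === sample.pass);
console.log('form round trip ok:', decodeForm(body).pass === sample.pass);
console.log(edgeWhitespaceWarning(sample.pass));
```

A round-trip test like the one at the bottom, run over passwords containing spaces, `+` and `%`, catches this class of mismatch before a remote server rejects the credential.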
